Tag Info

Overview
First, I learned a lot of my information from a combination of my amateur radio experience and an awesome talk I sat in at DEFCON 18. The majority of satellite systems are simple repeaters. The signal that comes in on a transponder is cleaned, amplified, and retransmitted. If you know the location and input frequency, and you pump more effective ...

I used to be a Command Controller (CC) at the Laboratory for Atmospheric and Space Physics (LASP) (http://lasp.colorado.edu/). I was one of the people who would sit in front of the console during the times when spacecraft were visible to the ground stations. I would read/record telemetry to ensure spacecraft health and often send up new commands that would ...

The Internet at large is designed to resist nuclear blasts. At least, it was a design goal of its immediate predecessor, ARPANET.
There is no secret: to survive loss of components, you must have redundancy. In the context of nuclear blasts, this means that there must exist several paths for data between any two machines, and the paths should be as ...

As for how it may happen that reflashing the BIOS does not eradicate the malware, we can hazard a few guesses:
The reflash operation is under control of... the BIOS, so the infected BIOS only pretends to do the reflash (or reinfects the new BIOS immediately afterwards).
Another flashable firmware in the machine is also infected, and when either it or the ...

What would be required to hack a satellite (in general terms, any hack really)?
When it comes to satellites, the word general does not apply. Almost every satellite, with very few exceptions is custom. Even the currently orbiting GPS satellites are not all the same: there are GPS IIA, GPS IIR, GPS IIR-M, and GPS IIF. I would venture that even satellites ...

Apparently, NASA is taking communication security very seriously (and I would, too, if I had 2G$+ toys to manage !). I think they've done so for a long time, because in the early times of space exploration (in the 1960s) they feared malicious interference from their arch-enemies, the Soviets.
(I do not have a reference handy, but my brain cells tell me that ...

In lieu of waxing elequent in a topic that I am only briefly versed, I will defer my response to a DEFCON talk I saw last year that will do at least three things:
Blow your mind
Expose vulnerabilities in Sats
Enlighten your knowledge on the subject in painstaking detail (see item one)
Here is the archived talk with video. This is a very nice guy (Matt ...

First, APT does not refer to exploits, rootkits etc., but to the threat actors and the organisation behind them.
That said, bios and firmware attacks have been around for a while. The only change here is the same one any class of attacks goes through: they have become commoditised.
This doesn't change the approach of find, patch etc., but it does ...

First, of all, I'm not expert on hacking satellites, I don't know how to turn GPS repeater into Death Star.
What I find interesting is space exploration, travelling into space and so... Everything I'll write here is just something I read somewhere and it's all hypothetical.
Satelitte hacking (yeah, I know it's not quite the same as hijacking it) is ...

There's a broad spectrum of methods that could be used to monitor your communication.
External Monitoring ("Lawful Intercept")
Your attacker could be monitoring your communication upstream. This could be because they're working with your ISP, or they're sniffing your home network (wired or wireless). You said that your attacker knows things you typed... ...

While I dont know how most critical infrastructure is defended against EMP threats I do know of many instances of critical infrastructure offer no protection to these kinds of threats.
This does however not mean that there does not exist protection. Take for example Kelvedon Hatch nuclear bunker. Some of its features, and which should be considered in any ...

As far as travel precautions, the EFF has these recommendations for travelling to the US:
Carry as little data as possible over the border.
Keep a backup of your data elsewhere.
Encrypt the data on your device.
Store the information you need somewhere else, then download it when you reach your destination.
Protect the data on your devices with passwords.
...

Remember the I in the CIA triad - Integrity. It is also a security failure if these sensitive Word documents and Excel spreadsheets from outside don't convert properly when you open them in your office suite.
I fear you may have to accept that you need to run a proper copy of Office and put controls around that - for example, by opening them in a disposable ...

There are no actual citations in the article, but according to the Guardian the UK is developing a cyber-weapons program. From the article (emphasis added):
Military to gain a new range of offensive options to defend critical installations around the country from cyber attacks
The article does directly quote a few high level officials (including one ...

What would be required to hack a satellite (in general terms, any hack
really)?
Just answering to 'any hack'. It is possible to use a satellite to get a completely anonymous connection to the Internet that is untraceable, because the IP address you are using is the IP address of the satellite. Tutorial here. Note: do not try this, it is totally ...

You probably have read this news a long time ago: http://news.cnet.com/Satellite-hack-raises-security-questions/2100-1033_3-222516.html
Britain's Ministry of Defense is denying that the nation's military satellites were hacked, but the reported disruption raises questions about the security of all satellite-based communications services.
...
...

I can confirm that removing the batteries before meetings is really done in some organizations. It is at least partially sensible, in that battery management might be handled by a dedicated very small CPU which cannot be switched off otherwise: I have an old Mac laptop -- a G4 iBook -- where such a dedicated unit is called the PMU (Power Management Unit). ...

In addition to the other excellent answers here --
You asked about some of the threats that one must defend against. One possible risk is the possibility that the launch vehicle or spacecraft could be hijacked and retargeted to de-orbit and come back to Earth, hitting some designated location on Earth -- in effect, turning the spacecraft into a ...

Impersonating law enforcement agents is an old trick used by criminals to fool honest people. This is a mechanism used in numerous movies, e.g. this one.
Though it has been revealed that the US government requested (and presumably obtained) some user password dumps from Internet companies, the exact details of the used protocols for that exchange are not ...

Go to, for example, the GCHQ website. Read what they say - they are the largest computing centre in Europe; they employ very many mathematicians and computer people; they are responsible for monitoring communications "from DC to light".
With that information you can invent various conspiracy theories about what they are capable of.
Mix in information from ...

Okay - there are definitely two important points to remember here:
Some governments do have the ability to target a particular individual and tap into everything they do, but
They just don't have the resources to do this unless you are an astonishingly valuable target/criminal/spy
The technology is all simple stuff, but really, your government don't care ...

First, awesome use of the nuclear-bomb tag.
Second, EMP. Electro-magnetic pulse is mostly mitigated by sending it to ground.
Place routers/firewalls in a faraday cage (Imagine a room that has copper screen on all sides of it).
Ground the Faraday cage (connect the copper mesh to multiple 6' copper rods that are pounded into the ground).
Make it level ...

You mentioned these in the question, but these are not just speculation:
Israel: http://www.theregister.co.uk/2011/04/06/isreal_mulls_elite_counter_hacker_unit/
Iran: http://www.foxnews.com/world/2011/03/14/iran-recruiting-hacker-warriors-cyber-army/

That said, bios and firmware attacks have been around for a while. The only change here is > the same one any class of attacks goes through: they have become commoditised.
This doesn't change the approach of find, patch etc., but it does mean that a c>ompromised
machine may require cleaning at firmware and hardware level, not just OS.
...

it seems as thought you have requirements to:
view office documents from external sources
a secure system that you wish to shield from an attack bourne by use of office tools
It seems to me that separation is the answer. This comes in varying strengths:
Air Gap: Is there a strong requirement for your secure system to also connect to external sources ...

USA has been active in offensive measures for long - and it's not that well hidden - and of course UK has been expanding lately with a huge pile of money reserved for cyberwarfare and GCHQ. Also China is probably the first in the 'game' - it has whole universities training people and elite hacking units for over 5 years now.
For the US, one actual official ...

The U.S. government for many years has had a program called TEMPEST. Originally it was a set of specifications for devices and structures intended to minimize the chance of an outside evil-doer picking up emissions from devices processing sensitive data.
Over the years it has extended to EMP protection. This is logical since those measures that keep ...

This post is in draft
I'm getting a lot of one-liner answers to a question with 500 bounty, so I figure I'll try and raise the water-mark here for quality answers.
Post road-map:
Expand on past examples of hacks of satellites, work done
Find better information on satellite types, explain their usage, and function, as well as inferring potential risks.
...

Have you read about the Stuxnet virus? One place to begin reading about it is http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1
Then you can extrapolate the history to your question:
yes, if you don't have the source code and don't analyze it, you can't trust what's being used
If you don't check everything that comes ...